Security Vulnerabilities - Page 17

Discover Security Vulnerabilities News

Linux and macOS PCs hit by serious Sudo vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Have you heard that Linux andmacOSsystems have been hit by a nasty little bug in the Sudo utility? The good news is it has already been patched.

Brittany Day
Feb 05, 2020

RCE in OpenSMTPD library impacts BSD and Linux distros

Security researchers have discovered a vulnerability inside a core email-related library used by many BSD and Linux distributions.The vulnerability, tracked as CVE-2020-7247, impactsOpenSMTPD, an open-source implementation of the server-sideSMTP protocol.

Brittany Day
Jan 30, 2020

Intel Makes Public Two More Data Leakage Disclosures

Intel last night made public two more data leakage disclosures, which tie back to Zombieload and November's TAA issue.

Brittany Day
Jan 28, 2020

RHEL 8 Still Vulnerable to “Magellan 2” SQLite Bugs, as Patches Drop

Are you a RHEL user? Severe bugs in the ubiquitous SQLite engine – used in thousands of software applications – continue to pose a major security threat, security researchers say, with Red Hat admitting that its flagship Red Hat Enterprise Linux (RHEL) 8 remains vulnerable, despite patching other products this week.

Brittany Day
Jan 28, 2020

Intel Patches Security Vulnerability in Linux and Windows Drivers

Are you aware that Intel has published a total of six advisories for security vulnerabilities impacting its products, including the Intel Processor Graphics on Windows and Linux?

Brittany Day
Jan 15, 2020

Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken”

Are you aware that memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed? The Arm team has just recently mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel.

Brittany Day
Jan 13, 2020

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Learn more:

Brittany Day
Jan 09, 2020

FPGA cards can be abused for faster and more reliable Rowhammer attacks

In a new research paper published on the last day of 2019, a team of American and German academics has shown that field-programmable gate array (FPGA) cards can be abused to launch better and faster Rowhammer attacks. Learn more about how FPGA cards can be abused for faster and more reliable Rowhammer attacks:

Brittany Day
Jan 02, 2020

Lazarus leverages Dacls Trojan to infect Windows and Linux systems

Security experts from Netlab 360 have uncovered a new Remote Access Trojan (RAT) used on Linux and Windows operating systems – currently being used in the wild by exploiting a known code execution vulnerability. Dubbed Dacls, the malware was in use since at least May this year and is attributed to the North Korean advanced persistent threat group Lazarus, also known as Hidden Cobra, Guardians of Peace, or Zinc. Learn more:

Brittany Day
Dec 25, 2019

Plundervolt – stealing secrets by starving your computer of voltage

The funky vulnerability of the month – what we call aBWAIN, short forBug With an Impressive Name– isPlundervolt, also known asCVE-2019-11157. Learn more about this vulnerability, how it works and what actions you should be taking to protect you system in an informative Naked Security article:

Brittany Day
Dec 16, 2019

Networking attack gives hijackers VPN access

Researchers have discovered a security flaw in macOS, Linux, and several other operating systems that could let attackers hijack a wide range of virtual private network (VPN) connections. Learn more about this networking attack:

Brittany Day
Dec 09, 2019

OpenBSD devs patch authentication bypass bug

Are you an OpenBSD user? OpenBSD, one of the internet’s most popular free operating systems allowed attackers to bypass its authentication controls, effectively leaving the keys in the back door, according to an advisory released this week. The developers of the OpenBSD system have already patched the vulnerability. Learn more:

Brittany Day
Dec 06, 2019

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. Learn more about the bug and how it could impact your system:

Brittany Day
Dec 06, 2019

Canonical Patches Intel Microcode Regression on Ubuntu PCs with Skylake CPUs

Canonical has published a new security advisory today where the company behind the popular Ubuntu Linux operating system apologizes for a regression introduced by the latest Intel microcode firmware update.

Brittany Day
Dec 05, 2019

Aviatrix VPN vulnerability left user endpoints wide open

Aviatrix, a supplier of open source enterprisevirtual private networks(VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access. Learn more about this vulnerability and its implications for Linux users in an informative Computer Weekly article:

Brittany Day
Dec 05, 2019

Using WPScan to find WordPress vulnerabilities on your website

Are you a security-conscious WordPress user? WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes. Learn more about WPScan and how you can use this tool to improve your security in WordPress in an informative Security Boulevard article:

Brittany Day
Nov 29, 2019

Researchers Publish PoC for Docker Escape Bug

Are you a Docker customer? If so, you should upgrade to the latest version of Docker immediately. Security researchers have detailed a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape. Learn more:

Brittany Day
Nov 20, 2019

How the Linux kernel balances the risks of public bug disclosure

A serious Wi-Fi vulnerability has shown how Linux handles security in plain sight. Learn more about this security bug, as well as how the Linux kernel balances the risks of public bug disclosure:

Brittany Day
Nov 18, 2019

Canonical Outs Major Linux Kernel Security Updates for All Supported Ubuntu OSes

Are you an Ubuntu user? Canonical has released a new batch of Linux kernel security updates for all of its supported Ubuntu Linux releases to address the latest Intel CPU vulnerabilities, as well as other important flaws. Learn more:

Brittany Day
Nov 14, 2019

Linux vs. Zombieland v2: The security battle continues

Have you heard about the latest Intel CPU bug, Zombieland v2? Learn more about this security vulnerability and what Red Hat and other Linux vendors are doing about it in an informative ZDNet article:

Brittany Day
Nov 14, 2019

Security Vulnerabilities - Page 17

Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns

Easily Exploitable 10-Year-Old needrestart Utility Flaws Allow Root Access

7-Zip Users Beware: Urgent Update Needed to Fix Code Execution Security Flaw